tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan S Fisher (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OPENEJB-1856) Allow User selectable Cipher Suites to enhance ejbds SSL security
Date Tue, 03 Jul 2012 21:42:35 GMT
Jonathan S Fisher created OPENEJB-1856:
------------------------------------------

             Summary: Allow User selectable Cipher Suites to enhance ejbds SSL security
                 Key: OPENEJB-1856
                 URL: https://issues.apache.org/jira/browse/OPENEJB-1856
             Project: OpenEJB
          Issue Type: Improvement
          Components: server
    Affects Versions: 4.0.0
         Environment: All
            Reporter: Jonathan S Fisher
            Priority: Minor
         Attachments: ServiceDaemon.patch, SocketConnectionFactory.patch

Currently, "SSL_DH_anon_WITH_RC4_128_MD5" is harded as the only available cipher suite when
using SSL. While this provides integrtiy and eavesdorpping protection, it offers no protection
from MITM attacks.

Allowing the user to specify the protocol suite, then having them also use the normal javax.net.ssl.trustStore
and javax.net.ssl.keyStore parameters will allow fully secure connections to be established.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message